Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators

The Department of Homeland Security.
The Department of Justice.

“Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015”

On December 18, 2015, Congress passed and President Obama signed into law the Cybersecurity Act of 2015. Title I of the Cybersecurity Act, entitled the Cybersecurity Information Sharing Act (CISA or the Act), provides increased authority for cybersecurity information sharing between and among the private sector; state, local, tribal, and territorial governments; and the Federal Government.1 Section 105(a)(4) of the Act directed the Attorney General and the Secretary of the Department of Homeland Security (DHS) to jointly develop guidance to promote sharing of cyber threat indicators with federal entities pursuant to CISA no later than 60 days after CISA was enacted.

That guidance was published on February 16, 2016, as required by statute.
Unlike other guidance documents that CISA required the federal government to produce, the guidance for sharing cyber threat indicators with federal entities did not direct the publication of an updated version. However, feedback elicited from non-federal entities after the release of the original guidance on sharing with federal entities counseled in favor of releasing a revised version, as permitted under section 105(a)(4)(B)(iii).

Accordingly, this document clarifies and updates the original guidance to further assist non-federal entities who elect to share cyber threat indicators with the Federal Government to do so in accordance with the Act.2 It also assists non-federal entities to identify defensive measures and explains how to share them with federal entities3 as provided by CISA. Lastly, it describes the protections non-federal entities receive under CISA for sharing cyber threat indicators and defensive measures in accordance with the Act, including targeted liability protection and other statutory protections